On Mon, 01 Dec 2003, Rafa Forcada wrote:
> El lun, 01-12-2003 a las 16:42, Peter Palfrader escribió:
> > On Mon, 01 Dec 2003, Vyacheslav Mukha wrote:
> >
> > > This exploit work on my Debian woody 3.r1 and get root .
> > > May be that script is instrument .
> >
> > Which kernel do you have installed?
>
> It worked on my debian woody 3.r1 too.
>
> rafa@rafota:~/temp$ uname -r
> 2.4.20
> rafa@rafota:~/temp$ ./kptrace
> sh-2.05a# whoami
> root
You are running a kernel that has known security issues. You should
install a kernel that has fixed those problems.
Please see the following URL for this (I think) specific problem:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127
Debian woody has fixed kernels which fixed this privilige escalation:
kernel-image-2.4.18-1-<something>. apt-cache search kernel-image should
give you a list of available kernel images (note that the -1 after 18 is
important).
"2.4.20" suggests you built your own kernel however. Upgrading to
2.4.23 could be a good idea.
HTH
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature